Creating security group default rules

POST /v2.0/default-security-group-rules

Create a security group rule template.

The security group rule template API does not validate the UUIDs given in remote_address_group_id and remote_group_id. If you specify the UUID of a nonexistent security group or remote address group, the errors appear later, during security group creation.

Source: https://docs.openstack.org/api-ref/network/v2/index.html#create-security-group-default-rule

Request

Parameters

Name In Type Description
default_security_group_rule body object A default_security_group_rule object.
description (Optional) body string A human-readable description for the resource. Default is an empty string.
remote_group_id (Optional) body string The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body.
direction body string Ingress or egress, which is the direction in which the security group rule is applied.
protocol (Optional) body string The IP protocol can be represented by a string, an integer, or null. Valid string or integer values are any or 0, ah or 51, dccp or 33, egp or 8, esp or 50, gre or 47, icmp or 1, icmpv6 or 58, igmp or 2, ipip or 4, ipv6-encap or 41, ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59, ipv6-opts or 60, ipv6-route or 43, ospf or 89, pgm or 113, rsvp or 46, sctp or 132, tcp or 6, udp or 17, udplite or 136, vrrp or 112. Additionally, any integer value in the range 0-255 is also valid. The string any (or integer 0) means all IP protocols.
ethertype (Optional) body string Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules.
port_range_max (Optional) body integer The maximum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must be greater than or equal to the port_range_min attribute value. If the protocol is ICMP, this value must be an ICMP code.
port_range_min (Optional) body integer The minimum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP, or UDP-Lite, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type.
remote_ip_prefix (Optional) body string The remote IP prefix that is matched by this security group rule.
used_in_default_sg body boolean Indicates whether this security group rule template will be used in the default security group created automatically for each new project.
used_in_non_default_sg body boolean Indicates whether this security group rule template will be used in custom security groups created by a project user.

Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '
{
    "default_security_group_rule": {
        "direction": "ingress",
        "port_range_min": 80,
        "ethertype": "IPv4",
        "port_range_max": 80,
        "protocol": "tcp",
        "used_in_default_sg": true,
        "used_in_non_default_sg": true
    }
}' https://<node_IP_addr>:9696/v2.0/default-security-group-rules
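
A client-side pre-flight check for the request body, added here as an example and not part of the original documentation. Because the API does not validate remote_group_id or remote_address_group_id, the hypothetical function check_template compares them against ID sets the caller has already fetched, and also applies the either/or, ethertype and port-range constraints from the parameter table. All sample IDs are constructed.

```python
import ipaddress
import uuid

# Protocols for which the page requires port_range_min <= port_range_max.
PORT_PROTOCOLS = {"tcp", "6", "udp", "17", "dccp", "33",
                  "sctp", "132", "udplite", "136"}

def _is_uuid(value):
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def check_template(rule, known_sg_ids, known_ag_ids):
    """Return a list of problems in a default_security_group_rule body."""
    problems = []
    # The API does not validate these references, so check them client-side
    # against ID sets the caller has already fetched (assumed lowercase).
    for field, known in (("remote_group_id", known_sg_ids),
                         ("remote_address_group_id", known_ag_ids)):
        ref = rule.get(field)
        if ref is None:
            continue
        if not _is_uuid(ref):
            problems.append(f"{field}: not a UUID")
        elif ref.lower() not in known:
            problems.append(f"{field}: no such resource")
    if rule.get("remote_group_id") and rule.get("remote_ip_prefix"):
        problems.append("remote_group_id and remote_ip_prefix both set")
    if rule.get("direction") not in ("ingress", "egress"):
        problems.append("direction: must be ingress or egress")
    prefix, ethertype = rule.get("remote_ip_prefix"), rule.get("ethertype")
    if prefix is not None:
        try:
            version = ipaddress.ip_network(prefix, strict=False).version
            if ethertype and ethertype != f"IPv{version}":
                problems.append("remote_ip_prefix: does not match ethertype")
        except ValueError:
            problems.append("remote_ip_prefix: not a valid CIDR")
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if str(rule.get("protocol")).lower() in PORT_PROTOCOLS:
        if None not in (lo, hi) and int(lo) > int(hi):
            problems.append("port_range_min exceeds port_range_max")
    return problems

if __name__ == "__main__":
    # Constructed sample: remote_group_id is not among the known IDs.
    body = {"direction": "ingress",
            "remote_group_id": "11111111-2222-3333-4444-555555555555"}
    print(check_template(body, set(), set()))
```

Run it on each template body before the POST and send the request only when the returned list is empty.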

Response

Parameters

Name In Type Description
default_security_group_rule body object A default_security_group_rule object.
id body string The ID of the security group rule.
description body string A human-readable description for the resource.
remote_group_id body string The remote group UUID to associate with this security group rule.
remote_address_group_id body string The remote address group UUID that is associated with this security group rule.
direction body string Ingress or egress, which is the direction in which the security group rule is applied.
protocol body string The IP protocol represented by a string, an integer, or null. The string any (or integer 0) means all IP protocols.
ethertype body string Ethertype: IPv4 or IPv6.
port_range_max body integer The maximum port number in the range that is matched by the security group rule.
port_range_min body integer The minimum port number in the range that is matched by the security group rule.
remote_ip_prefix body string The remote IP prefix that is matched by this security group rule.
used_in_default_sg body boolean Indicates whether this security group rule template will be used in the default security group created automatically for each new project.
used_in_non_default_sg body boolean Indicates whether this security group rule template will be used in custom security groups created by a project user.

Status codes

Success

Code Reason
201 - Created Resource was created and is ready to use.

Error

Code Reason
400 - Bad Request Some content in the request was invalid.
401 - Unauthorized User must authenticate before making a request.
404 - Not Found The requested resource could not be found.
409 - Conflict This operation conflicted with another operation on this resource.

Example

{
  "default_security_group_rule": {
    "id": "eb8ad926-f5c9-4371-b35f-e69563b695ac",
    "ethertype": "IPv4",
    "direction": "ingress",
    "protocol": "tcp",
    "port_range_min": 80,
    "port_range_max": 80,
    "remote_ip_prefix": null,
    "remote_address_group_id": null,
    "remote_group_id": null,
    "description": "",
    "used_in_default_sg": true,
    "used_in_non_default_sg": true
  }
}